Administrators and Web application developers demand a reliable, easily managed, high-performance, and secure Web server. Apache web server introduces many new features for Web application server reliability and availability, management, scalability, and security. This project provides a technical overview of Apache web server, its configuration, and its security using the HTTPS protocol.
A Web server is a server that is responsible for accepting HTTP requests from web clients and serving them HTTP responses, usually in the form of web pages containing static (text, images etc) and dynamic (scripts) content. The Apache Web server has been the most popular and widely used Web server for the last decade. It is used by approximately 50% of all websites.
Apache is cross-platform, lightweight, robust, and used in small companies as well as large corporations. Apache is also free and open-source. The Apache Web server has almost endless possibilities, due to its great modularity, which allows it to be integrated with numerous other applications. One of the most popular bundles is the LAMP Web server application stack, which includes the Apache Web server alongside MySQL, PHP, Perl, and Python.
The Apache Web server is developed by the Apache Software Foundation. You can read more about Apache on Wikipedia. Being able to configure and secure the Apache Web server is one of the most important tasks for a (Linux) system administrator. Almost every company has some sort of a website that advertises it, including intranet pages that are used by the company's workers. The Web interface is used for many tasks besides pure browsing, including tasks as simple as meal orders and shift rosters, but also important tasks like administration of databases.
In most cases, a local web server is set up to accommodate these needs. Web sites are used to serve content to billions of users daily. Whoever controls this content controls the World Wide Web, from news and blogs to financial transactions. Web servers are hubs of information and power. Misconfigured or compromised servers can expose a large number of people to undesired content and potentially incur huge damages to involved parties.
Running a Web site is much more than opening a port and serving a few HTML pages. There are tremendous network usability and security considerations that must continuously be met, evaluated and improved in order to maintain a safe and effective Web server. In this part of the project, we explain how to properly set up and run the Apache Web server, including the secure (HTTPS) server.
2. SYSTEM REQUIREMENT
I. Hardware Requirements:
System : Intel Pentium 4 CPU, 3.20GHz
Ram : 1.5 GB
Chipset : i686 GNU/Linux
Motherboard : Intel 915
Cache size : 2048 KB
Hard Disk : 80 GB
Network adapter : Broadcom netXtreme Gigabit Ethernet
II. Software Requirements:
Operating System : Red Hat Enterprise Linux 4 - Kernel 2.6.9-5.EL
Virtual Environment : Microsoft Virtual PC 2007
Web server version : httpd-2.0.52-9.ent
DNS version : bind-9.2.4.-2
3. SYSTEM ANALYSIS
Apache is by far the most popular web server in use today. Based on the HTTP (Hypertext transfer protocol) daemon (httpd), Apache provides simple and secure access to all types of content using the regular HTTP protocol as well as its secure cousin, HTTPS. All the HTML documents must be retrieved by HTTP.
Web sites can be created using HTML (Hypertext Markup Language). This can be done as follows:
Open an empty file in Notepad and write the HTML code, which includes <html>, <head>, etc., so that the web page can be created. After completing the HTML, save it as a .html file, which can be opened by a web browser.
These HTML files need to be created under the Document Root folder '/var/www/html'. Giving each web site a separate folder differentiates one from another.
This is the main Apache server configuration file. It contains the configuration directives that give the server its instructions. The configuration directives are grouped into three basic sections:
1. Directives that control the operation of the Apache server process as a whole
2. Directives that define the parameters of the main or default server, which responds to requests that aren't handled by a virtual host. These directives also provide default values for the settings of all virtual hosts.
3. Settings for virtual hosts, which allow web requests to be sent to different IP addresses or hostnames and have them handled by the same Apache server process. In this httpd file we need to give the server name and server IP for that particular web site.
To check the package: rpm -qa httpd
To start the package we type: service httpd start
This configuration file can be used to add any number of localhost.localdomain entries. It requires an IP address for each web site, together with its localhost and localdomain names. Editing this file is one of the important configuration steps for the web server. Any number of domain names can be added here.
IP address Localhost.localdomain localhost
192.168.10.160 www.cdac.com www
Once BIND is configured as a DNS (Domain Name Server), there are a number of commands we can use to keep it working. Red Hat even has its own GUI configuration tools for BIND. named is one of the major commands used to start the DNS service in Red Hat Linux. Here is the path for the DNS configuration files,
This is the main configuration file for setting up the DNS server. There are two types of zones, the 'forward lookup zone' and the 'reverse lookup zone'. One is for the DNS name and the other for the DNS server IP address, so that, by using the named.conf file, the web page can be accessed either by typing the name of the website or by the IP address assigned to that web page. These forward and reverse files are stored in,
4. DESIGN AND IMPLEMENTATION
The following command verifies the presence of the required package:
rpm -q httpd
If the output is an empty prompt or a message saying the package is not installed, the package needs to be downloaded and installed. If the shell displays the package name and version, it's good to go.
The following gives the location and purpose of the files used by the Apache server
server configuration files
main configuration files
configuration files for individually packaged modules, like ssl, php, perl etc
symbolic link to
symbolic link to
symbolic link to /var/run
public html files
4.1 Main configuration file(s)
The main configuration file for the Apache Web server is:
This file is well commented and self-explanatory. It contains quite a large number of settings.
Editing the httpd.conf configuration file
Open the file in the vi text editor. The file has many options. A change to a single line is all that is required to create the server and get it running.
DocumentRoot tells where the web documents (HTML files, images etc.) should be located. It is possible to refer to files in other directories using aliases and symbolic links. The default directory is /var/www/html.
Creating the HTML Document
Here's the source of index.html, which is saved in the directory path of DocumentRoot.
Start the Web Server
Start the httpd service using the following command,
service httpd start
If everything worked out fine, the web server should start without any errors and the following should be seen in the terminal,
Now, we can access the web pages internally.
To access the web page externally, i.e., from other PCs that are connected to the network, DNS needs to be configured.
4.2 Configuring DNS
Type the following command to check the package,
rpm -qa bind
This is the main configuration file for setting up the DNS server. The two types of zones that need to be created for each individual domain are the forward lookup zone and the reverse lookup zone.
To create a master DNS server, we'll need to create a zone file. The following configuration represents the changes that need to be made in the zone files,
Copy localdomain.zone to cdac.forward. Open it with the 'vi' command and make the following changes,
Copy named.local to cdac.reverse. Open it with the 'vi' command and make the following changes,
After creating these files, restart the following services to access the web pages,
# service network restart
# service httpd restart
# service named restart
4.3 Testing and Results for HTTP
Open IE or Mozilla Firefox to browse the web pages as shown below.
Thus it shows the required output.
5. SECURE WEB SERVER
Running a secure Web server is something that should be considered if the daily use of a website includes an exchange of confidential, private information from users. Regular Web servers send and receive traffic in unencrypted form. Unfortunately, this makes them vulnerable to man-in-the-middle attacks, where a potential attacker could use sniffer tools to log packets that route from clients to the server and derive sensitive information from them.
This mode of security is completely unacceptable for websites that must deal in personal data, like bank accounts, medical or financial records, or others.
The secure Web server eliminates this threat by offering two key advantages:
It allows users to verify the identity of the server.
It allows users to conduct safe transactions with your server by encrypting the authentication and the session.
To achieve this, the Apache Web server uses secure communication protocols like the Secure Socket Layer (SSL) or the Transport Layer Security (TLS) to protect the flow of data.
5.1 Encrypted Session:
The following outlines the details of a typical secure session,
• A client tries to connect to port 443 on the secure Web server.
• The client sends a list of available encryption methods it supports; if the client cannot support encryption, for instance very old browsers, the connection attempt will be unsuccessful. Modern browsers support both SSL and TLS without any problems.
• The server will choose the strongest available encryption method that both sides can support.
• The server will then send back to the client its certificate and the public encryption key. The certificate is a sort of ID, telling the client important information about the server. To make this information credible, the certificate must be signed by a reputable Certificate Authority (CA), like Equifax, Thawte or others. The public key will be used by the client to generate its own encryption hash should it choose to accept the server's certificate.
• The client receives the certificate. In most browsers, the certificate is first compared to an existing list of authorities. If the digital signature matches, the certificate will be accepted. If no match is found for the certificate, the browser might use the Online Certificate Status Protocol (OCSP) to connect to CAs in real time in an attempt to verify the certificate. Generally, the use of OCSP is not enabled by default in most browsers, in order to speed up the authentication process. If no match is found still, the client will be issued a warning by the browser, informing it that the certificate could not be verified. The user now must decide whether he/she can take the risk and accept the certificate.
In addition to being self-signed (i.e. no CA signature), the typical issues arising with certificate prompts include a mismatch between the site you are trying to access and the one registered in the certificate, dubious credentials or an expired certificate.
• Regardless of what may occur, if the client accepts the connection, it will send back a hash encrypted with the server's public key. This hash will be used to encrypt all communication between the server and the client throughout the session. Only the client will be able to decrypt the communications - or rather, anyone who possesses the private key. But if the client side is fairly secure and the server's certificate is valid, the communication is safe.
The client must support some sort of encryption to be able to establish secure connections to a server. On the server end, the server must also support the secure communication protocols. The Apache Web server uses the mod_ssl module, which provides an interface to the OpenSSL library, allowing the use of SSL and TLS.
By default, most distributions today ship with the OpenSSL library installed and the Apache server compiled against the mod_ssl module.
To check whether the OpenSSL library is installed, type the following command,
rpm -q openssl
Main configuration file:
The main configuration file for the secure Apache Web server is:
The following image represents the ssl.conf file,
5.4 Create SSL certificate
Create Certificate Authority (CA):
The first step is to create an encryption key, which we will use to sign our CA. The following command creates the encryption key,
openssl genrsa -des3 -out myca.key 2048
This OpenSSL command line tool will generate an RSA key, using the Triple-DES cipher. The -out flag signifies the output name. The number at the end of the command tells us how long the key will be; generally, the longer the better. A 2048-bit encryption is quite sufficient.
The figure below shows the generation of the encryption key,
The following command generates the CA,
openssl req -new -x509 -days 365 -key myca.key -out myca.crt
Create server key :
The following command creates the server key,
openssl genrsa -des3 -out server.key 2048
Create Certificate Signing Request (CSR) :
The following command generates the required CSR,
openssl req -new -key server.key -out server.csr
Sign Certificate Signing Request (CSR) with Certificate Authority (CA):
The following command generates the certificate,
openssl x509 -req -days 365 -in server.csr -CA myca.crt -CAkey myca.key -set_serial 01 -out server.crt
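The section 5.4 commands, run non-interactively in a scratch directory and followed by two checks worth making before the files are copied into /etc/pki/tls: that server.crt verifies against myca.crt, and that server.key is the key the certificate was issued for. This is an added example, not part of the original essay; the passphrase, the subject names and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: section 5.4 run non-interactively, then verified.
# PASS and the -subj names are constructed demo values.
PASS='pass:demo-only-passphrase'

# build_chain DIR: CA key and certificate, server key, CSR, signed server cert.
build_chain() (
    cd "$1" || exit 1
    openssl genrsa -des3 -passout "$PASS" -out myca.key 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key myca.key -passin "$PASS" \
        -subj '/O=Demo/CN=Demo Private CA' -out myca.crt &&
    openssl genrsa -des3 -passout "$PASS" -out server.key 2048 2>/dev/null &&
    openssl req -new -key server.key -passin "$PASS" \
        -subj '/O=Demo/CN=www.cdac.com' -out server.csr &&
    openssl x509 -req -days 365 -in server.csr -CA myca.crt -CAkey myca.key \
        -passin "$PASS" -set_serial 01 -out server.crt 2>/dev/null &&
    chmod 600 myca.key server.key   # private keys: owner read/write only
)

# chain_ok DIR: does server.crt verify against myca.crt?
chain_ok() (
    cd "$1" && openssl verify -CAfile myca.crt server.crt >/dev/null 2>&1
)

# key_matches_cert DIR KEY CERT: same RSA modulus in key and certificate?
key_matches_cert() (
    cd "$1" || exit 1
    k=$(openssl rsa -in "$2" -passin "$PASS" -noout -modulus 2>/dev/null) || exit 1
    c=$(openssl x509 -in "$3" -noout -modulus 2>/dev/null) || exit 1
    [ -n "$k" ] && [ "$k" = "$c" ]
)

work=$(mktemp -d)
if build_chain "$work" && chain_ok "$work" &&
   key_matches_cert "$work" server.key server.crt; then
    echo "server.crt chains to myca.crt and matches server.key"
else
    echo "certificate set is inconsistent; do not deploy" >&2
fi
```

A key that does not match its certificate is a common reason for httpd refusing to start after ssl.conf is edited, so the modulus comparison is worth running on the copied files as well.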
Final Editing of ssl.conf configuration file :
The certificates generated so far should be reflected in the ssl.conf configuration file, in order to let Apache know of the existence of the certificates.
Now, copy the files to their relevant locations:
cp server.key /etc/pki/tls/private/server.key
cp server.crt /etc/pki/tls/certs/server.crt
cp myca.crt /etc/pki/tls/certs/myca.crt
5.5 Test setup
After saving the ssl.conf file, restart the server using the following command,
service httpd restart
A password needs to be provided before continuing.
You will most likely receive a warning message.
Now, the server can be accessed by typing https://www.cdac.com in the address line of a web browser.
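Section 5.1 lists the usual causes of a browser certificate warning: a self-signed certificate, a name mismatch and an expired certificate. The added example below (not part of the original essay) checks a certificate file for all three on the server side and goes one step further by flagging certificates that expire within a chosen number of days. The function names and the sample certificates are constructed, and OpenSSL 1.0.2 or later is assumed for -checkhost.

```shell
#!/bin/sh
# Added example: server-side pre-flight for the warning causes in section 5.1.

# cert_problems CERT HOST [DAYS]: print the problems found, space separated.
cert_problems() {
    cert=$1 host=$2 days=${3:-30} found=""
    # Self-signed: issuer name equals subject name (no separate CA signed it).
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        found="$found self-signed"
    fi
    # Name mismatch: the URL host is not a name the certificate covers.
    openssl x509 -in "$cert" -noout -checkhost "$host" |
        grep -q "does match" || found="$found name-mismatch"
    # Expired, or expiring inside the warning window (-checkend takes seconds).
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null ||
        found="$found expiring"
    echo "${found# }"
}

# Constructed sample: a self-signed certificate for www.cdac.com valid DAYS days.
make_sample() {   # make_sample OUTFILE DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj '/CN=www.cdac.com' -days "$2" -out "$1" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp/year.crt" 365
make_sample "$tmp/day.crt" 1
cert_problems "$tmp/year.crt" www.cdac.com        # self-signed
cert_problems "$tmp/day.crt" intranet.cdac.com    # self-signed name-mismatch expiring
```

Run against the server.crt signed by myca.crt, the self-signed flag disappears, but browsers still warn until myca.crt is installed as a trusted authority on the client.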
6. CONCLUSION AND FUTURE ENHANCEMENTS
Thus using Apache Web server, successful web hosting is done. Apache HTTPS implementation using SSL provides the secure connection between host and the server.
The Apache HTTP Server is the leading web server for many different reasons. One of the most obvious reasons is the cost. If a product is good, any one can't give it away. As of March 2010, it is used on 111,000,000 sites. The closest contender is Microsoft's IIS at 49,000,000. Its security modules, support for different programming languages, and virtual hosting are just three of the reasons it is so loved. Implementing these features and making the web server completely secure is our future enhancement.